Using RedPhone (the right way), one would call, establish a connection and read off the text verification on screen to the other party. If they match, it's ZRTP-secure, if it doesn't it's MITM'd.
Why can we do that on RedPhone, while not, say, on ChatSecure, Telegram, or Wickr? Why do we have to use OTHER means to verify the identity?
Also, is it ok to verify the identity in an UNSECURE media for the second case? Like using WhatsApp to verify Wickr identity?!
Aucun commentaire:
Enregistrer un commentaire